Re: Administrivia: List Announcement

From: Wynn Fenwick (wynn.fenwickat_private)
Date: Tue May 13 2003 - 13:43:56 PDT

Next message: Dana Epp: "Re: partial analysis of vulndev-1.c"

Previous message: Nexus: "Re: Administrivia: List Announcement"
Maybe in reply to: Dave McKinney: "Administrivia: List Announcement"
Next in thread: Cameron Brown: "RE: Administrivia: List Announcement"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Xeno nailed that one but here's something I wondered...

The program uses malloc() then iterates through each memory location, 
assuming that malloc() would give them a contiguous block of memory.

>        for (i = 0; i <= SIZE && p1[i] != '\0'; i++)
>                buf1[i] = p1[i];

I believe there is an (incorrect) assumption that the memory returned 
by malloc() on Win32 is contiguous, unlike some UNIX boxen? Is there a 
neato non-portability vulnerability created by iterating through the 
string elements this way? or is it only vulnerable if you do something 
like this:

  char* p;
  p = &buf1;
  while (*p != '\0') buf1[i++] = *p++; 


Wow... I haven't written C in a long time... I hope I don't embarrass 
myself... 

W

Next message: Dana Epp: "Re: partial analysis of vulndev-1.c"
Previous message: Nexus: "Re: Administrivia: List Announcement"
Maybe in reply to: Dave McKinney: "Administrivia: List Announcement"
Next in thread: Cameron Brown: "RE: Administrivia: List Announcement"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue May 13 2003 - 15:30:00 PDT